Category Archives: Zend

ZF has just released its newest version today, version 1.0.0. This is the first major release and the stable one. So now, it is safe to say that ZF is the first and the best class library available for PHP5 web application development.

Congratulations to ZF developer team, and congratulations to us all, PHP developers around the world.

Oh yes, the compatibility issue. Ok, since i’m rewriting all my web apps using Zend Framework now, i guess I don’t have much choice except to switch my PHP installed on my server to PHP5 (Zend Framework was written in PHP5).

Why would i use Zend Framework? two words: beautiful and simple. ZF knows very well how to use the power which comes with PHP5. OOP and design pattern are well written all over the place. Having a quick look at Zend_Controller will explain why i say this.

When evaluating the code within Zend Framework, it was clear that the concept of â€œExtreme Simplictyâ€ meant that when faced with design decisions, Zend Framework always went with using the power which is built into PHP5 …

In a couple words, extreme simplicity means not reimplementing functionality already available in PHP5.

ZF now in days away from its stable version (currently in 1.0.0-RC2). As many other people out there, i hope ZF will be the rescuer of PHP5 slow adoption. In broad, i hope it will make alot easier for us to build a profesional yet reliable web apps using PHP.

As written in Google Code blog (err, yesterday), Ngeblog now supports AuthSub authentication. And it uses Zend Framework (Zend_Gdata) for abstracting the whole authentication process, including ClientLogin authentication.

Since Ngeblog 0.2 now uses the modified version of Zend_Gdata, the files is getting larger and it is hard for me to put Ngeblog 0.2 to phpclasses. So for now on you can download the source here or you can use svn to get the latest files on Google Code project hosting here.

Try out the demo here for ClientLogin authentication and here for AuthSub authentication. You can see the source code here and here for both demo respectively.

After played around with it for hours, i finally got into a decision to use Zend Gdata for abstracting Ngeblog connection to Blogger. Unfortunately, Zend GData class library only supports AuthSub authentication, while Ngeblog already usesClientLogin authentication and works fine so far.

So, to make it available for both type of authentication, i finally sat down and wrote some codes myself to add ClientLogin support for Zend GData. You can download the bundle in .zip here or in .tgz here which contains both original Zend_Gdata bundle and my Zend_Gdata_ClientLogin class for ClientLogin authentication.

How it works

To understand how this class works, you must first understand how Google account authentication works. Please read the manual for that. But i try to explain it anyway.

Authentication is required to access any of Google Services such as Google Calendar, Google Base or Blogger. To do that, first you must provide username and password to log into your Google account. And then once your login is authorized, Google will give you a token to identify yourself for accessing the desired Google Service.

Currently there are two kind of authentication that Google uses. AuthSub authentication and ClientLogin authentication. As the manual said, AuthSub is used for web application that offers a service to access Google Service. While ClientLogin is used for installed application, such as desktop or handheld application.

But that doesn’t mean you can’t use ClientLogin for web application. It’s just that with ClientLogin authentication you must handle the authentication programmatically yourself to get the token. While with AuthSub you only need to redirect your web users to log into Google Account web site and grab the token as the result once they authorized.

Now, let’s get to the business. To use this class, you must first include Zend.php and load Zend_Gdata_ClientLogin class, like this:

, if the authentication is success (authorized by Google), the output will be something like this,

Array
(
[response] => authorized
[auth] => DQAAAGgA...dk3fA5N
)

Second, if the authentication is failed for some reasons, it throws exception. About the reason of this failure, the manual said:

Please note that ClientLogin does not differentiate between a failure due to an incorrect password or one due to an unrecognized user name (for example, if the user has not yet signed up for an account).

ClientLogin uses standard security measures to protect user account information. To block bots and other entities from breaking user passwords, Google Accounts may add a visual CAPTCHAï¿½ to the authentication process when the server suspects an illegal intrusion, such as after too many incorrect login attempts. A CAPTCHA ensures that a real person is attempting login, and not a computer trying random strings (a dictionary attack).

Handling CAPTCHA Challenge

As i mentioned above, when Google requires you to answer CAPTCHA challenge (when she suspects you as an intruder ), you’ll get both captchatoken for identifying which CAPTCHA image you received, and captchaurl that shows you the location of the image you have to answer (to tell miss Google you are human, not bot).

To answer that challenge, you use the same getClientLoginAuth method, only now with two additional parameters: captchatoken and captchaanswer.

If you ARE really human, then most likely you’ll get something like this as the result,

Array
(
[response] => authorized
[auth] => DQAAAGgA...dk3fA5N
)

which means you’re now authorized to use Google Service you requested, in this case is Blogger. Use $resp['auth'] as your token (authorization code) to do the rest of operation (query, add, edit or delete posts in your Blogger).

In Action: Reading Blogger

This far, some of you might said, “what in Google Earth is this guy talking about?!”.

Alright kids, grab your emacs or UltraEdit, here comes the example. What we’re going to do here is to get the entries of your Blogger, for comparing purpose with what Zend does using AuthSub (see my previous post here).